<?php
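/**
 * Member "change password" page.
 *
 * GET:  renders the form (member/changepass.tpl) with a form token and a
 *       post-success forward URL.
 * POST: checks the form token, validates the new password pair through
 *       check_password(), verifies the old password against the members table,
 *       stores the new hash and refreshes the auth_user cookie.
 *       XHR callers receive the error text or the literal 'OK'; normal callers
 *       are redirected on success or get the form again with an error.
 *
 * Depends on $request, $tpl, $cbdb, $user and $config_module, none of which are
 * defined in this file.
 */
defined('CITY_BAO') or exit('Access Denied');
// NOTE(review): $config_module['module'] becomes part of an include path; confirm
// it can never be influenced by request data.
require CB_CORE.'modules/'.$config_module['module'].'/common.inc.php';

// Token for the 'changepass' form: handed to the template at the end of the
// script and compared with the posted `validate` field.
$form_validate = form_validate('changepass');

// Where to send the user after a successful change.
// NOTE(review): `forward` is read from the request and later passed unchanged to
// redirect() and to the template. Confirm redirect() only accepts same-site
// targets and that the template escapes the value before output.
$forward = $request->getParam('forward');
if(!$forward) {
	$reffer = $request->getReffer();
	$forward = $reffer ? $reffer : SITE_URL;
	// strpos() returns 0 for a match at offset 0, so test against false explicitly;
	// otherwise a forward that starts with this page's path would loop back to it.
	if(strpos($forward,'member/changepass') !== false){
		$forward = INSTALL_PATH.'member/index.php';
	}
}

if($request->isPost()){
	$old_password = $request->getParam('old_password');
	$password = trim($request->getParam('password'));
	$password2 = trim($request->getParam('password2'));
	$validate = trim($request->getParam('validate'));
	$error = '';

	// Compare the token as strings. A loose != treats numeric-looking strings
	// (e.g. "0e12" and "0e34") as equal; prefer the constant-time comparison
	// when the runtime provides it.
	$expected_token = (string)$form_validate;
	$token_ok = function_exists('hash_equals')
		? hash_equals($expected_token, $validate)
		: ($expected_token === $validate);

	if(!$token_ok){
		$error = '数据来源校验失败！';
	}else{
		// check_password() yields true on success, otherwise the value used as the error text.
		$result = check_password($password,$password2);
		if($result!==true){
			$error = $result;
			$tpl->assign('error',$result);
		}else{
			// NOTE(review): passwords are stored as unsalted MD5. Moving to
			// password_hash()/password_verify() needs a coordinated change in the
			// login and registration code, which is outside this file.
			// NOTE(review): $user->username is concatenated into the SQL text. $user is
			// populated outside this file; if it can be rebuilt from client-side data
			// (such as the auth_user cookie) this lookup is injectable and should use the
			// database layer's escaping or bound parameters.
			// The row is kept in its own variable so a failed check does not overwrite
			// the current $user.
			$member = $cbdb->get_row('SELECT * FROM {#cbdbPrefix}members WHERE username="'.$user->username.'" AND password="'.md5($old_password).'" LIMIT 0,1');
			if(!$member){
				$error = '旧密码输入错误！';
				$tpl->assign('error','旧密码输入错误！');
			}else{
				$new_hash = md5($password);
				// userid is interpolated unquoted, so force it to an integer.
				$cbdb->query("UPDATE {#cbdbPrefix}members SET password='".$new_hash."' WHERE userid=".(int)$member->userid);
				$member->password = $new_hash;
				$user = $member;
				// NOTE(review): the whole row, password hash included, is handed to
				// set_cookie(); confirm what set_cookie() actually sends to the client.
				set_cookie('auth_user',$user);
			}
		}
	}

	if($request->isXmlHttpRequest()){
		// XHR callers get a bare text response: the error message or 'OK'.
		exit($error ? $error : 'OK');
	}

	if($error){
		$tpl->assign('error',$error);
		$tpl->assign('title','密码修改失败');
	}else{
		$tpl->assign('title','密码修改成功！');
		redirect($forward);
	}
}else{
	$tpl->assign('title','修改密码');
}

$tpl->assign('forward',$forward);
$tpl->assign('validate',$form_validate);
$tpl->display('member/changepass.tpl');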